No. Only key holders have access to the data being shared. It is up to you to authorize every share with a key. Single use keys can also be generated.

There are relays if you need them due to firewalls:

"We also provide such additional methods of ensuring connectivity as relay and tracker servers."

But you can opt out of this config.